SpeedStream Wireless DSL Gateway
Advanced Features
75
3. Select the checkboxes next to the corresponding option under the "After enabling the Attack Detection System, select events below to filter and/or log:" heading.
Note: You can select the "Filter all" and "Log all" checkboxes to both select and log all options. Please see the descriptions below for all of the available options:
Same Source and Destination Address: An outside device can send a SYN (synchronize) packet to a host with the same source and destination address (including port) causing the system to hang.
Broadcast Source Address: An outside device can send a ping to your gateway broadcast address using a forged source address. When your system responds to these pings, it is brought down by echo replies.
LAN Source Address on LAN: An outside device can send a forged source address in an incoming IP packet to block trace back.
Invalid IP Packet Fragment: An outside device can send fragmented data packets that can bring down your system.
TCP NULL: An outside device can send an IP packet with the protocol field set to TCP but with an all null TCP header and data section. If your gateway responds to this attack, it will bring down your system.
TCP FIN: An outside device can send an attack using TCP FIN. This attack never allows a data packet to finish transmitting and brings down your system.
TCP XMAS: An outside device can send an attack using TCP packets with all of the flags set. This causes your system to slow to a halt.
Fragmented TCP Packet: An outside device can send an attack using fragmented packets to allow an outside user Telnet access to a device on your network.
Fragmented TCP Header: An outside device can send an attack using TCP packets with only a header and no payload. When numerous packets are sent through the gateway in this manner, your system slows and halts.
Fragmented UDP Header: An outside device can send an attack using fragmented UDP headers to bring down a device on your network.
Fragmented ICMP Header: An outside device can send an attack using fragmented ICMP headers to bring down a device on your network.
Inconsistent UDP/IP header lengths: An outside device can send an attack using inconsistent UDP/IP headers to bring down a device on your network.
Inconsistent IP header lengths: An outside device can send an attack using changes in the IP header to zero the fragment offset field. This will be treated as a complete packet when received and cause your system to halt.
4. Click Apply.
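The header conditions behind four of the events above (Same Source and Destination Address, TCP NULL, TCP XMAS, Inconsistent UDP/IP header lengths), as an added Python example that is not from the manual or the gateway firmware. The function names and the sample packets are constructed for illustration; checksums are left at zero and not verified, and the packets are only built in memory.

```python
import socket
import struct

SYN, ALL_FLAGS = 0x02, 0x3F  # ALL_FLAGS = FIN|SYN|RST|PSH|ACK|URG

def classify(pkt: bytes) -> list:
    """Return the manual's event names matched by one raw IPv4 packet."""
    events = []
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        return events
    ihl = (pkt[0] & 0x0F) * 4
    total_len, = struct.unpack("!H", pkt[2:4])
    frag = struct.unpack("!H", pkt[6:8])[0] & 0x3FFF  # MF bit + fragment offset
    if ihl < 20 or frag:  # fragments do not carry a complete L4 header
        return events
    proto, src, dst = pkt[9], pkt[12:16], pkt[16:20]
    l4 = pkt[ihl:total_len]
    if proto == socket.IPPROTO_TCP and len(l4) >= 20:
        sport, dport = struct.unpack("!HH", l4[:4])
        flags = l4[13] & ALL_FLAGS
        if not any(l4):  # TCP header and data are all zero bytes
            events.append("TCP NULL")
        if flags == ALL_FLAGS:
            events.append("TCP XMAS")
        if flags & SYN and src == dst and sport == dport:
            events.append("Same Source and Destination Address")
    elif proto == socket.IPPROTO_UDP and len(l4) >= 8:
        udp_len, = struct.unpack("!H", l4[4:6])
        if udp_len != total_len - ihl:  # UDP length disagrees with IP length
            events.append("Inconsistent UDP/IP header lengths")
    return events

def ipv4(proto, src, dst, l4):
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 0, 0, 64, proto,
                       0, socket.inet_aton(src), socket.inet_aton(dst)) + l4

def tcp(sport, dport, flags):
    return struct.pack("!HHIIBBHHH", sport, dport, 1, 0, 5 << 4, flags, 8192, 0, 0)

SAMPLES = {  # constructed packets, documentation address ranges, never sent
    "land": ipv4(6, "192.0.2.10", "192.0.2.10", tcp(139, 139, SYN)),
    "xmas": ipv4(6, "198.51.100.7", "192.0.2.10", tcp(40000, 80, ALL_FLAGS)),
    "null": ipv4(6, "198.51.100.7", "192.0.2.10", bytes(20)),
    "udp_len": ipv4(17, "198.51.100.7", "192.0.2.10",
                    struct.pack("!HHHH", 5000, 53, 64, 0) + b"abcd"),
    "normal": ipv4(6, "198.51.100.7", "192.0.2.10", tcp(40000, 80, SYN)),
}
RESULTS = {name: classify(pkt) for name, pkt in SAMPLES.items()}
print(RESULTS)
```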
IP Filtering
IP filtering options are only available if your Firewall Level setting is Custom. This method of firewall protection is recommended for advanced users only. Click the Configuration button to step through the IP Filter Configuration Wizard for Inbound and Outbound IP Filter Rules.
To use the IP filtering option:
1. Click the "Configure" hyperlink next to the "IP Filtering" heading.
2. Click Add New IP Filter Rule.
3. Type up to a five digit numeric value in the "Rule No" box.
4. Select either "Permit" or "Deny" from the "Access" drop-down. Select "Permit" to allow the rule and "Deny" to not allow the rule.
5. Select either "Inbound" or "Outbound" from the "Direction" drop-down. Inbound refers to data coming into the gateway, while outbound refers to data transmitted from the gateway.
6. Optionally, select the "Disable stateful inspection for packets matching this rule" option.
7. Optionally, select the "Create a log entry for packets matching this rule" option, which places an entry in the log file when packets match this rule.
8. Click Next.
9. Under the "Source" heading, select a network connection from the "Network Interface" drop-down.
10. Select one of the following options:
Any IP address: Select this option if this rule applies to any IP address from the source.
This IP address: Select this option if a rule applies to a specified IP address of the source. Type the IP address and netmask in the boxes below this option.
11. Under the "Destination" heading, select a network connection from the "Network Interface" drop-down.
12. Select one of the following options:
13. Any IP address: Select this option if this rule applies to any IP address from the destination.
14. This IP address: Select this option if a rule applies to a specified IP address of the destination. Type the IP address and netmask in the boxes below this option.
15. Optionally, select the "or Host" checkbox to use your gateway netmask as the destination netmask.
16. Select one of the following options from the "Select by Name" drop-down:
17. TCP (Transmission Control Protocol): Provides reliable, sequenced, and unduplicated delivery of bytes to remote or local users.
18. UDP (User Datagram Protocol): Provides for the exchange of datagrams without acknowledgement or guaranteed delivery.
19. ICMP (Internet Control Message Protocol): A mechanism that provides for peer communication. The most commonly used application for this protocol is the PING command.
20. GRE (Generic Routing Encapsulation): A tunneling protocol that is used primarily for VPN (Virtual Private Networks).
21. Optionally, you can type a protocol number in the "Select by Number" box.
22. Click Next.
23. Select one of the following options from the "Source Port Operator" drop-down:
any: Any port is accepted.
less than or equal to: Less than or equal to a numeric value in the "Port 1" box.
equal to: Equal to the value in the "Port 1" box.
greater than or equal to: Greater than or equal to the value in the "Port 1" box.
range: A range of ports between the value of the entry in the "Port 1" box and the value in the "Port 2" box.
24. Select one of the following options from the "Destination Port Operator" drop-down:
any: Any port is accepted.
less than or equal to: Less than or equal to a numeric value in the "Port 1" box.
equal to: Equal to the value in the "Port 1" box.
greater than or equal to: Greater than or equal to the value in the "Port 1" box.
range: A range of ports between the value of the entry in the "Port 1" box and the value in the "Port 2" box.
25. Optionally, select the "Check TCP syn packets" option if you wish this rule to prevent the blocking of synchronization packets for pre-existing sessions.
26. Click Next.
27. Click Finish.
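A model of how a rule built with this wizard matches a packet, as an added Python example that is not the gateway's own code. It assumes rules are checked in ascending Rule No, that the first match decides, and that unmatched packets are denied; the manual states none of these, and the class, function names, addresses and ports are constructed.

```python
import ipaddress
from dataclasses import dataclass

# The five "Port Operator" choices from the wizard; a = "Port 1", b = "Port 2".
PORT_OPS = {
    "any": lambda p, a, b: True,
    "less than or equal to": lambda p, a, b: p <= a,
    "equal to": lambda p, a, b: p == a,
    "greater than or equal to": lambda p, a, b: p >= a,
    "range": lambda p, a, b: a <= p <= b,
}

@dataclass
class Rule:
    rule_no: int
    access: str                   # "Permit" or "Deny"
    direction: str                # "Inbound" or "Outbound"
    protocol: int                 # 6 TCP, 17 UDP, 1 ICMP, 47 GRE
    src: str = "0.0.0.0/0"        # "Any IP address"
    dst: str = "0.0.0.0/0"        # or "address/netmask" for "This IP address"
    sport: tuple = ("any", 0, 0)  # (operator, Port 1, Port 2)
    dport: tuple = ("any", 0, 0)

    def matches(self, direction, protocol, src_ip, dst_ip, sport, dport):
        return (direction == self.direction and protocol == self.protocol
                and ipaddress.ip_address(src_ip) in ipaddress.ip_network(self.src)
                and ipaddress.ip_address(dst_ip) in ipaddress.ip_network(self.dst)
                and PORT_OPS[self.sport[0]](sport, *self.sport[1:])
                and PORT_OPS[self.dport[0]](dport, *self.dport[1:]))

def decide(rules, *packet, default="Deny"):
    """Return (access, rule_no) of the first matching rule in Rule No order."""
    for rule in sorted(rules, key=lambda r: r.rule_no):  # assumed ordering
        if rule.matches(*packet):
            return rule.access, rule.rule_no
    return default, None                                 # assumed default

RULES = [  # constructed rule set: HTTPS to one LAN host, low ports blocked
    Rule(200, "Deny", "Inbound", 6, dport=("less than or equal to", 1023, 0)),
    Rule(100, "Permit", "Inbound", 6, dst="192.168.254.10/255.255.255.255",
         dport=("equal to", 443, 0)),
    Rule(300, "Permit", "Inbound", 17, dport=("range", 27000, 27050)),
]

if __name__ == "__main__":
    for pkt in [("Inbound", 6, "198.51.100.7", "192.168.254.10", 40000, 443),
                ("Inbound", 6, "198.51.100.7", "192.168.254.10", 40000, 22),
                ("Inbound", 17, "198.51.100.7", "192.168.254.20", 5000, 27015)]:
        print(pkt, "->", decide(RULES, *pkt))
```

Under the assumed ordering, giving the Deny rule a lower Rule No than the Permit rule would shadow the HTTPS exception, so the model is useful for checking a planned rule set before typing it into the wizard.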
To clone rules:
1. Click Clone IP Filter Level.
2. Select either "Low" or "High" from the "Select preconfigured firewall level for cloning" drop-down.
3. Click Apply. The system responds by copying, or "cloning", either the high or low level hard-coded firewall options for additions or modifications.
DMZ
The gateway allows you to configure a DMZ (Demilitarized Zone) to allow for either a temporary or
permanent bypassing of the firewall for network or Internet gaming. If the DMZ feature is enabled, you
must select the computer to be used as the DMZ computer/host.
To configure the DMZ:
1. Log on as the administrator or gamer.
2. Click Gateway in the toolbar.
3. Click Security in the left-navigation pane.
4. Click Firewall Settings.
The system responds with the "Firewall Settings" window.
Figure 68. Firewall Settings Window with the DMZ Option Selected
5. Under the "Gaming" heading, select the "DMZ" checkbox.
6. Click the "Configure" hyperlink next to the "DMZ" checkbox.
7. Select one of the following options:
Disable DMZ: The firewall is not bypassed.
Enable DMZ with this Host IP address: The firewall is bypassed through an IP address typed in the box next to this field.
Enable DMZ with this Host IP address: The firewall is bypassed through an IP address that is selected from the drop-down next to this field.
8. Select one of the following options:
Make Settings Permanent: The settings in step 3 are permanent unless changed by the administrator.
Make Settings Last for: The settings in step 3 are only enabled for the time (in minutes) entered in the box next to this option.
9. Click Apply.
Snooze Control
The snooze feature allows you to bypass the firewall for a set amount of time so outside support
personnel can access your gateway or network.
Note: Important! This function is recommended for use only when you require this special level of unrestricted access as it leaves your Gateway and network exposed to the Internet with no firewall protection.
Figure 69. Firewall Settings Window with the Firewall Snooze Control Option Selected
To use the snooze control feature:
1. Under the "Support" heading, select the "Firewall Snooze Control" checkbox.
2. Click the "Configure" hyperlink next to the "Firewall Snooze Control" checkbox.
3. Select one of the following options:
Disable Snooze: This option disables all snooze control. In this mode, the firewall is not bypassed.
Enable Snooze, and set the Snooze time interval to: This option enables snooze and allows you to type a value in the box next to this option.
Reset the Snooze time interval to: This option allows you to enter a value to reset the time if you need a time extension for an open snooze session. For example, if a service technician is in your system and needs 5 more minutes, type 5 in the "Reset the Snooze time interval to" box.
5. Click Apply.
